rpms/kernel/devel kernel.spec, 1.1888, 1.1889 linux-2.6-execshield.patch, 1.112, 1.113
Dave Jones
davej at fedoraproject.org
Mon Jan 11 21:44:11 UTC 2010
Author: davej
Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18238
Modified Files:
kernel.spec linux-2.6-execshield.patch
Log Message:
Rebase exec-shield.
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1888
retrieving revision 1.1889
diff -u -p -r1.1888 -r1.1889
--- kernel.spec 11 Jan 2010 21:38:09 -0000 1.1888
+++ kernel.spec 11 Jan 2010 21:44:11 -0000 1.1889
@@ -1169,7 +1169,7 @@ ApplyPatch linux-2.6.29-sparc-IOC_TYPECH
#
# Exec shield
#
-#ApplyPatch linux-2.6-execshield.patch FIXME(maybe?)
+ApplyPatch linux-2.6-execshield.patch
#
# bugfixes to drivers and filesystems
@@ -1975,6 +1975,9 @@ fi
# and build.
%changelog
+* Mon Jan 11 2010 Dave Jones <davej at redhat.com>
+- Rebase exec-shield.
+
* Mon Jan 11 2010 Kyle McMartin <kyle at redhat.com>
- drop e1000 patch.
linux-2.6-execshield.patch:
b/arch/x86/include/asm/desc.h | 25 +++++
b/arch/x86/include/asm/mmu.h | 7 +
b/arch/x86/include/asm/paravirt.h | 6 +
b/arch/x86/include/asm/paravirt_types.h | 3
b/arch/x86/include/asm/processor.h | 3
b/arch/x86/kernel/cpu/common.c | 14 +++
b/arch/x86/kernel/paravirt.c | 3
b/arch/x86/kernel/process_32.c | 48 ++++++++++
b/arch/x86/kernel/traps.c | 129 ++++++++++++++++++++++++++---
b/arch/x86/mm/mmap.c | 5 -
b/arch/x86/mm/tlb.c | 7 +
b/arch/x86/vdso/vdso32-setup.c | 2
b/arch/x86/xen/enlighten.c | 21 ++++
b/fs/binfmt_elf.c | 21 ++++
b/include/linux/mm.h | 8 +
b/include/linux/mm_types.h | 3
b/include/linux/resource.h | 5 -
b/include/linux/sched.h | 7 +
b/kernel/sysctl.c | 29 ++++++
b/mm/mmap.c | 121 +++++++++++++++++++++++++--
b/mm/mprotect.c | 10 ++
linux-2.6.32.noarch/arch/x86/mm/setup_nx.c | 6 +
linux-2.6.32.noarch/mm/mremap.c | 4
23 files changed, 460 insertions(+), 27 deletions(-)
Index: linux-2.6-execshield.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/linux-2.6-execshield.patch,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -p -r1.112 -r1.113
--- linux-2.6-execshield.patch 9 Dec 2009 01:32:09 -0000 1.112
+++ linux-2.6-execshield.patch 11 Jan 2010 21:44:11 -0000 1.113
@@ -390,23 +390,32 @@ index 7e37dce..92ae538 100644
}
#endif
-diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 73ffd55..0cf2a7b 100644
---- a/arch/x86/mm/init.c
-+++ b/arch/x86/mm/init.c
-@@ -149,6 +149,12 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
- set_nx();
- if (nx_enabled)
- printk(KERN_INFO "NX (Execute Disable) protection: active\n");
-+#ifdef CONFIG_X86_32
-+ else
-+ if (exec_shield)
-+ printk(KERN_INFO "Using x86 segment limits to approximate "
-+ "NX protection\n");
-+#endif
-
- /* Enable PSE if available */
- if (cpu_has_pse)
+--- linux-2.6.32.noarch/arch/x86/mm/setup_nx.c~ 2010-01-11 16:16:52.000000000 -0500
++++ linux-2.6.32.noarch/arch/x86/mm/setup_nx.c 2010-01-11 16:18:19.000000000 -0500
+@@ -1,3 +1,4 @@
++#include <linux/sched.h>
+ #include <linux/spinlock.h>
+ #include <linux/errno.h>
+ #include <linux/init.h>
+@@ -24,6 +24,7 @@ static int __init noexec_setup(char *str
+ disable_nx = 0;
+ } else if (!strncmp(str, "off", 3)) {
+ disable_nx = 1;
++ exec_shield = 0;
+ }
+ x86_configure_nx();
+ return 0;
+@@ -41,6 +41,10 @@ void __cpuinit x86_configure_nx(void)
+ void __init x86_report_nx(void)
+ {
+ if (!cpu_has_nx) {
++ if (exec_shield)
++ printk(KERN_INFO "Using x86 segment limits to approximate NX protection\n");
++ else
++
+ printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
+ "missing in CPU or disabled in BIOS!\n");
+ } else {
diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
index c8191de..7d84d01 100644
--- a/arch/x86/mm/mmap.c
@@ -429,25 +438,6 @@ index c8191de..7d84d01 100644
mm->unmap_area = arch_unmap_area_topdown;
}
}
-diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c
-index 513d8ed..c614a90 100644
---- a/arch/x86/mm/setup_nx.c
-+++ b/arch/x86/mm/setup_nx.c
-@@ -1,3 +1,4 @@
-+#include <linux/sched.h>
- #include <linux/spinlock.h>
- #include <linux/errno.h>
- #include <linux/init.h>
-@@ -27,6 +28,9 @@ static int __init noexec_setup(char *str)
- } else if (!strncmp(str, "off", 3)) {
- disable_nx = 1;
- __supported_pte_mask &= ~_PAGE_NX;
-+#ifdef CONFIG_X86_32
-+ exec_shield = 0;
-+#endif
- }
- return 0;
- }
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index 36fe08e..3806a45 100644
--- a/arch/x86/mm/tlb.c
@@ -691,10 +681,11 @@ index 0d949c5..12ca319 100644
#ifdef CONFIG_RCU_TORTURE_TEST
extern int rcutorture_runnable;
#endif /* #ifdef CONFIG_RCU_TORTURE_TEST */
-@@ -408,6 +428,14 @@ static struct ctl_table kern_table[] = {
- .proc_handler = &proc_dointvec,
+@@ -430,6 +430,15 @@ static struct ctl_table kern_table[] = {
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
},
- {
++ {
+ .ctl_name = CTL_UNNUMBERED,
+ .procname = "exec-shield",
+ .data = &exec_shield,
@@ -702,10 +693,10 @@ index 0d949c5..12ca319 100644
+ .mode = 0644,
+ .proc_handler = &proc_dointvec,
+ },
-+ {
- .ctl_name = KERN_CORE_USES_PID,
- .procname = "core_uses_pid",
- .data = &core_uses_pid,
++
+ #ifdef CONFIG_PROC_SYSCTL
+ {
+ .procname = "tainted",
diff --git a/mm/mmap.c b/mm/mmap.c
index 73f5e4b..814b95f 100644
--- a/mm/mmap.c
@@ -774,7 +765,7 @@ index 73f5e4b..814b95f 100644
if (addr & ~PAGE_MASK)
return addr;
-@@ -1453,13 +1473,17 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
+@@ -1499,8 +1499,8 @@ void arch_unmap_area_topdown(struct mm_s
}
unsigned long
@@ -785,6 +776,9 @@ index 73f5e4b..814b95f 100644
{
unsigned long (*get_area)(struct file *, unsigned long,
unsigned long, unsigned long, unsigned long);
+@@ -1513,7 +1513,11 @@ get_unmapped_area(struct file *file, uns
+ if (len > TASK_SIZE)
+ return -ENOMEM;
- get_area = current->mm->get_unmapped_area;
+ if (exec && current->mm->get_unmapped_exec_area)
@@ -960,18 +954,18 @@ index 8bc969d..3c9b4fc 100644
mmu_notifier_invalidate_range_start(mm, start, end);
if (is_vm_hugetlb_page(vma))
hugetlb_change_protection(vma, start, end, vma->vm_page_prot);
-diff --git a/mm/mremap.c b/mm/mremap.c
-index 97bff25..17a9fd7 100644
---- a/mm/mremap.c
-+++ b/mm/mremap.c
-@@ -414,8 +414,8 @@ unsigned long do_mremap(unsigned long addr,
- if (vma->vm_flags & VM_MAYSHARE)
- map_flags |= MAP_SHARED;
-
-- new_addr = get_unmapped_area(vma->vm_file, 0, new_len,
-- vma->vm_pgoff, map_flags);
-+ new_addr = get_unmapped_area_prot(vma->vm_file, 0, new_len,
-+ vma->vm_pgoff, map_flags, vma->vm_flags & VM_EXEC);
- if (new_addr & ~PAGE_MASK) {
- ret = new_addr;
- goto out;
+--- linux-2.6.32.noarch/mm/mremap.c~ 2010-01-11 16:27:24.000000000 -0500
++++ linux-2.6.32.noarch/mm/mremap.c 2010-01-11 16:27:54.000000000 -0500
+@@ -485,10 +485,10 @@ unsigned long do_mremap(unsigned long ad
+ if (vma->vm_flags & VM_MAYSHARE)
+ map_flags |= MAP_SHARED;
+
+- new_addr = get_unmapped_area(vma->vm_file, 0, new_len,
++ new_addr = get_unmapped_area_prot(vma->vm_file, 0, new_len,
+ vma->vm_pgoff +
+ ((addr - vma->vm_start) >> PAGE_SHIFT),
+- map_flags);
++ map_flags, vma->vm_flags & VM_EXEC);
+ if (new_addr & ~PAGE_MASK) {
+ ret = new_addr;
+ goto out;
More information about the scm-commits
mailing list